﻿var express = require('express');
var router = express.Router();
var mysql = require('./../database');




//登录页
router.get('/login', function(req, res, next) {
    //req.session.user=req.app.locals.user;
    res.render('login', {message:''});
});

//登陆提交表单
router.post('/login', function (req, res, next) {



    console.log(req.query)
    //console.log(req.body)
    var username = req.body.username;
    var password = req.body.password;

    var usernameFilter = ["=","union"];
    var passwordFilter = ["=","union","updatexml"]

    for (var i =0;i<usernameFilter.length;i++){
        if(username.includes(usernameFilter[i])){
            res.render('login', { message: "检测到敏感词" });
            return;
        }
    }
    for (var i =0;i<passwordFilter.length;i++){
        if(password.includes(passwordFilter[i])){
            res.render('login', { message: "检测到敏感词" });
            return;
        }
    }
    //mysql.escape()防止注入攻击
    var query = 'SELECT *FROM users WHERE u3ername="'  +username + '"AND pa33word="' +password+'"';
    console.log(query)
    mysql.query(query, function (err, rows, fields) {
        if (err) {
            console.log(err);
            res.render('login', { message: err.sqlMessage });
            return;
        }
        var user = rows[0];
        if (!user) {
            res.render('login', { message: '用户名或密码错误' });
            return;
        }

        res.render('login', { message: '登陆成功' });

        
    });
});




// //主页
// router.get('/', function (req, res, next) {
//     //req.query.page是url中的page参数，如localhost:3000/?page=2
//     //如果url中无page参数，经过或运算，page还是等于一，即默认显示第一页
//     var page=req.query.page||1;
//     var start=(page-1)*5;
//     var end=page*5;
//     // COUNT(*)是自带函数，返回个数；AS表示别名
//     var queryCount='SELECT COUNT(*) AS articleNum FROM article';
//     //倒序从数据库中找八篇文章
//     //LIMIT后面必须加一个空格
//     var queryArticle='SELECT *FROM article ORDER BY articleID DESC LIMIT '+start+','+end;
//     mysql.query(queryArticle, function (err, rows, fields) {
//         var articles = rows;
//         mysql.query(queryCount,function(err,rows,fields){
//             var articleNum=rows[0].articleNum;
//             var pageNum=Math.ceil(articleNum/5);

//             res.render('index', { articles: articles ,user:req.session.user ,pageNum:pageNum,page:page});
//         });

//     });

   
// });

// //注册账号
// router.get('/register', function (req, res, next) {
//     res.render('register');
// });

// router.post('/register', function (req, res, next) {

// //

  
//         var mysqlParams = [req.body.username, req.body.email, req.body.password];
//         var query = "INSERT INTO user(username,email,password) VALUES(?,?,?)";
//       //  console.log("qqqqq")
//         mysql.query(query, mysqlParams, function (err, rows, fields) {
//             if (err) {
//                 console.log(err);
//                 return;
//             }
//             //mysql query出这个用户
//             //req.session.user=user;
//             var query1='SELECT * FROM user WHERE username='+mysql.escape(req.body.username)+'AND password='+mysql.escape(req.body.password);
//             mysql.query(query1,function(err,rows,fields){
//                 if(err){
//                     console.log(err);
//                     return;
//                 }
//                 var user=rows[0];
//                 req.session.user=user;
//                 //redirect必须放在这个函数体里
//                 res.redirect('/');
//             });

//             //res.send({user:req.session.user});

            
// 		});
		
// });

// //文章内容
// router.get('/article/:articleID', function (req, res, next) {
//     var articleID = req.params.articleID;
//     var query = 'SELECT * FROM article WHERE articleID=' + mysql.escape(articleID);

//     mysql.query(query, function (err, rows, fields) {
//         if (err) {
//             console.log(err);
//             return;
//         }
//         var article = rows[0];
//         var query='UPDATE article SET articleClick=articleClick+1 WHERE  articleID='+mysql.escape(articleID);
//         mysql.query(query,function(err,rows,fields){
//             if(err){
//                 console.log(err);
//                 return;
//             }
//             var query='SELECT * FROM comments WHERE article_id='+mysql.escape(articleID);
//             mysql.query(query,function(err,rows,fields){
//                 if(err){
//                     console.log(err);
//                     return ;
//                 }
//                 let comments=rows;
//                 res.render('article',{article:article,comments:comments})
//             })
//             //res.render('article', { article: article });
//         });

//     });
// });

// router.post('/article/:articleID',function(req, res, next){
//     var comment=req.body.user_comment;
//     console.log(comment);
//     console.log(window.location);
//    // var article_id=req.params.;
//     var uid=req.session.user.uid;

//     var query='INSERT comments SET article_id='+mysql.escape(article_id)+',from_uid='+mysql.escape(uid)+',content='+mysql.escape(comment);
//     mysql.query(query,function(err,rows,fields){
//         // if(err){
//         //     console.log(err);
//         //     return;
//         // }
//         //res.render('article');
//     })
// })

// //关于页
// router.get('/about',function(req,res,next){
//     res.render('about');
// })

// //创作页面
// router.get('/write',function(req,res,next){
//     var user=req.session.user;
//     if(!user){
//         res.redirect('/login');
//         return;
//     }
//     res.render('write');
// });

// router.post('/write',function (req,res,next){
//     var title=req.body.title;
//     var content=req.body.desc;
//     var author_uid=req.session.user.uid;
//     var author=req.session.user.username;
//     var query='INSERT article SET articleTitle='+mysql.escape(title)+',articleAuthor='+mysql.escape(author)+',articleContent='+mysql.escape(content)+',articleTime=CURDATE()'+',articlePreview='+mysql.escape(title)+',author_uid='+mysql.escape(author_uid);
//     mysql.query(query,function(err,rows,fields){
//         if(err){
//             console.log(err);
//             return;
//         }
//         res.redirect('/');
//     });
// });

// //个人简介页
// router.get('/profile',function(req,res,next){

//     var query='UPDATE user SET coverSrc='+mysql.escape(req.query.coverSrc)+'WHERE uid='+mysql.escape(req.session.user.uid);
//     mysql.query(query,function(err,rows,fields){
//         var query1='SELECT * FROM user WHERE uid='+mysql.escape(req.session.user.uid);
//         mysql.query(query1,function(err,rows,fields){
//             var user=rows[0];
//             var query2='SELECT * FROM collection WHERE user_id='+mysql.escape(req.session.user.uid);
//             mysql.query(query2,function (err,rows,fields){
//                 //console.log(rows);

//                 var collected_articles=rows;
//                 //
//                 var query3='SELECT * FROM article WHERE author_uid='+mysql.escape(req.session.user.uid);
//                 mysql.query(query3,function(err,rows,fields){
//                     var my_articles=rows;
//                     console.log(rows);
//                     res.render('profile',{user:user,collected_articles:collected_articles,my_articles:my_articles});
//                 });


//             })

//         })


//     });

// });



module.exports = router;
